- GreatSQL社区原创内容未经受权不得随便应用,转载请分割小编并注明起源。
- GreatSQL是MySQL的国产分支版本,应用上与MySQL统一。
- 作者:Yejinrong/叶金荣
- 文章起源:GreatSQL社区原创
持续吹MySQL 8.0~
在以前,当须要对MySQL数据库进行保护操作时,通常须要先进行主从切换,而后批改设置并重启实例,敞开网络监听,只容许从本地socket形式登入,再进行相应的保护操作;有时候甚至还要批改相应的防火墙,或者罗唆敞开前端业务服务,总体比拟麻烦。
从MySQL 5.7开始,反对设置为离线模式(offline_mode),再有保护操作需要就不必这么麻烦了。只需在线动静批改,可立刻失效,十分的简略粗犷:
mysql> set global offline_mode = on; -- 关上离线模式,回绝内部申请mysql> set global offline_mode = off; -- 敞开离线模式,容许内部连贯申请当设置为离线模式后,普通用户将无奈持续发动连贯申请,甚至以后正在执行的SQL也会立刻被终止并被断开连接。
1. 无奈创立新连贯
$ mysql -h127.0.0.1 -uyejr -pxx -P4306 sbtestmysql: [Warning] Using a password on the command line interface can be insecure.ERROR 3032 (HY000): The server is currently in offline mode2. 即使是普通用户通过本地socket连贯,当启用离线模式后,也会被断开
$ mysql -S/data/MySQL/mysql.sock...mysql> show processlist;+-----+------+-----------+------+---------+------+-------+------------------+| Id | User | Host | db | Command | Time | State | Info |+-----+------+-----------+------+---------+------+-------+------------------+| 304 | yejr | localhost | NULL | Query | 0 | init | show processlist |+-----+------+-----------+------+---------+------+-------+------------------+1 row in set (0.00 sec)[sbtest]>select *,sleep(10) from t1 limit 3; -- 正在运行的SQL会立刻被终止,并断开连接ERROR 2013 (HY000): Lost connection to MySQL server during queryNo connection. Trying to reconnect...ERROR 3032 (HY000): The server is currently in offline modeERROR:Can't connect to the server3. 正在运行中的sysbench压测,也会被立刻断开
[ 1s ] thds: 16 tps: 442.02 qps: 9078.28 (r/w/o: 6382.37/1795.94/899.96) lat (ms,99%,99%,99.9%): 150.29/150.29/150.29 err/s: 0.00 reconn/s: 0.00[ 2s ] thds: 16 tps: 471.23 qps: 9387.56 (r/w/o: 6576.19/1868.91/942.46) lat (ms,99%,99%,99.9%): 61.08/61.08/65.65 err/s: 0.00 reconn/s: 0.00[ 3s ] thds: 16 tps: 386.03 qps: 7712.68 (r/w/o: 5399.48/1541.14/772.07) lat (ms,99%,99%,99.9%): 82.96/82.96/84.47 err/s: 0.00 reconn/s: 0.00[ 4s ] thds: 16 tps: 547.00 qps: 10894.97 (r/w/o: 7609.98/2190.99/1094.00) lat (ms,99%,99%,99.9%): 65.65/65.65/68.05 err/s: 0.00 reconn/s: 0.00FATAL: mysql_drv_query() returned error 2013 (Lost connection to MySQL server during query) for query 'COMMIT'(last message repeated 1 times)FATAL: mysql_drv_query() returned error 2013 (Lost connection to MySQL server during query) for query 'SELECT c FROM sbtest1 WHERE id=4822870'FATAL: mysql_drv_query() returned error 2013 (Lost connection to MySQL server during query) for query 'COMMIT'FATAL: mysql_drv_query() returned error 2013 (Lost connection to MySQL server during query) for query 'UPDATE sbtest1 SET k=k+1 WHERE id=2265001'FATAL: mysql_drv_query() returned error 2013 (Lost connection to MySQL server during query) for query 'SELECT c FROM sbtest8 WHERE id BETWEEN 3389984 AND 3390083'另外,从MySQL 8.0开始,对于离线模式又做了些改良和欠缺,比方新引入 CONNECTION_ADMIN权限等,细化离线模式的权限管理模式。
简略几点小结对于离线模式:
- 必须要有
CONNECTION_ADMIN以及CONNECTION_ADMIN权限 或者SUPER权限(SUPER权限在将来会被废除,而细分成更多细粒度权限),能力在线设置离线模式。 - 复制线程不会受到离线模式影响,还能失常工作。
- 当设置为离线模式时,没有授予
CONNECTION_ADMIN或SUPER权限的普通用户,正在执行的SQL会被立刻终止,连贯也会被立刻断开。 - 当设置为离线模式时,领有
CONNECTION_ADMIN或SUPER权限的用户,不会被断开连接。 - 当设置离线模式的用户不具备
SYSTEM_USER权限(只领有CONNECTION_ADMIN以及CONNECTION_ADMIN权限)的话,领有SYSTEM_USER权限的沉闷用户连贯不会被断开(因为想要断开SYSTEM_USER权限级别用户连贯同样须要至多有SYSTEM_USER权限),详见上面的案例。
有 u1 和 u2 两个用户,受权模式不同
mysql> show grants for u1;+----------------------------------------+| Grants for u1@% |+----------------------------------------+| GRANT USAGE ON *.* TO `u1`@`%` || GRANT SELECT ON `sbtest`.* TO `u1`@`%` |+----------------------------------------+mysql> show grants for u2;+----------------------------------------+| Grants for u2@% |+----------------------------------------+| GRANT USAGE ON *.* TO `u2`@`%` || GRANT SYSTEM_USER ON *.* TO `u2`@`%` || GRANT SELECT ON `sbtest`.* TO `u2`@`%` |+----------------------------------------+用户 yejr 的受权模式如下
+--------------------------------------------------------------------+| Grants for yejr@% |+--------------------------------------------------------------------+| GRANT USAGE ON *.* TO `yejr`@`%` || GRANT CONNECTION_ADMIN,SYSTEM_VARIABLES_ADMIN ON *.* TO `yejr`@`%` || GRANT ALL PRIVILEGES ON `sbtest`.* TO `yejr`@`%` |+--------------------------------------------------------------------+当 yejr 用户设置离线模式后,u2 用户的连贯不会被断开(但不能再建设新连贯),而 u1 用户的连贯会被断开
# 三个用户先别离建设连贯$ jobs[1] Stopped mysql -h127.0.0.1 -uyejr -pxx -P4306 sbtest[2]- Stopped mysql -h127.0.0.1 -uu2 -pxx -P4306 sbtest[3]+ Stopped mysql -h127.0.0.1 -uu1 -pxx -P4306 sbtest# 设置离线模式$ fg 1mysql -h127.0.0.1 -uyejr -pxx -P4306 sbtest[yejr@db160] [sbtest]>set global offline_mode=on;Query OK, 0 rows affected (0.00 sec)# u1用户被断开连接$ fg 3mysql -h127.0.0.1 -uu1 -pxx -P4306 sbtest[u1@db160] [sbtest]>select 1;ERROR 2013 (HY000): Lost connection to MySQL server during queryNo connection. Trying to reconnect...ERROR 3032 (HY000): The server is currently in offline modeERROR:Can't connect to the server# u2用户不会被断开连接$ fg 2mysql -h127.0.0.1 -uu2 -pxx -P4306 sbtest[u2@db160] [sbtest]>select 1;+---+| 1 |+---+| 1 |+---+# 但u1/u2用户均不能再建设新链接$ mysql -h127.0.0.1 -uu2 -pxx -P4306 sbtestmysql: [Warning] Using a password on the command line interface can be insecure.ERROR 3032 (HY000): The server is currently in offline mode$ mysql -h127.0.0.1 -uu1 -pxx -P4306 sbtestmysql: [Warning] Using a password on the command line interface can be insecure.ERROR 3032 (HY000): The server is currently in offline mode是不是有点好玩呀~
联合后面的两篇文章 MySQL 8.0不再放心被垃圾SQL搞爆内存 以及 InnoDB buffer pool size进度更通明 能够看到MySQL 8.0在各个细节方面做的是越来越好了。
延长浏览
- \#sysvar_offline_mode, https://dev.mysql.com/doc/refman/8.0/en/server-system-variabl...
- Changes in MySQL 8.0.31, https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-31.html
Enjoy GreatSQL :)
## 对于 GreatSQL
GreatSQL是由万里数据库保护的MySQL分支,专一于晋升MGR可靠性及性能,反对InnoDB并行查问个性,是实用于金融级利用的MySQL分支版本。
相干链接: GreatSQL社区 Gitee GitHub Bilibili
GreatSQL社区:
社区博客有奖征稿详情:https://greatsql.cn/thread-100-1-1.html
技术交换群:
微信:扫码增加GreatSQL社区助手微信好友,发送验证信息加群。